Why you need to worry about your smart-home’s security?

Flat design style modern vector illustration concept of smart house technology system with centralized control of lighting, heating, ventilation and air conditioning, security locks and video surveillance, energy savings and efficiency. Isolated on white background.

No one will argue that the Internet of Things (IoT) is the buzzword in today’s internet-driven world. From connected light bulbs to smart fridges and coffee machines, the IoT phenomenon is promising to change our lives in ways that weren’t imaginable a few years back.

But in tandem with becoming smarter, our homes are also becoming less secure, and the billions of devices that are being added to our hyper-connected world every year are creating countless new possibilities and attack vectors for hackers with malicious intents.

I had the chance to talk to some of the experts in the IoT security field, and here are a few warnings you should consider if you already own IoT devices at home, or are planning to buy a new connected appliance.

In their haste, IoT developers overlook security considerations

While IoT is going through its “gold rush” phase, manufacturers are more concerned about shipping feature-complete products, and in their haste to avoid losing the competition, they’re prone to neglecting security issues. In a survey carried out by security firm Auth0, 85 percent of polled developers admitted to being pressured to rush an application to market despite security concerns. According to developers surveyed by Auth0, “IoT devices are often pushed to market too quickly, forcing developers to cut corners.”

Therefore, hundreds and thousands of vulnerable devices have already been installed in consumers’ homes, with hundreds more entering the fray every day.

A blog post by security expert Graham Cluley states that more than 200,000 IoT devices suffer from the Heartbleed bug, one of the most serious security holes discovered in recent years.

In another research led by security consulting firm SEC shows, millions of IoT products were found to use shared SSH and HTTPS keys, which make Man-in-the-Middle attacks a breeze.

Patching and updating IoT devices involves too much trouble.

The second point to consider is the mechanism needed to patch, update or re-flash IoT firmware once it is found to have a vulnerability. Since many gadgets are sorely lacking in this domain, their owners are left to choose to either dispose of the product or to keep it and live with the fact that there’s a vulnerable gadget in their home that can be compromised by malicious hackers.

As Mika Majapuro, the director of business at security tech-firm F-Secure, told me, “there is no way to manually install security products on your IoT devices. How would you install anything on your toaster?”

There’s also the issue of managing all these connected devices. Majapuro further elaborated on the issue by pointing out, “Many of these devices have a long life-cycle. If you buy a connected fridge, you probably want to keep it for several years. How will you know when a software update for your fridge is available?” You’ll probably have to check its vendor’s site for update. But then you have many of these devices in your home. Majapuro added a twist by asking, “What if your fridge vendor stops supporting the model you have or the vendor goes bankrupt?”

IoT devices give away your living habits

And by this, I mean more than those evil smart TVs that snoop on your watching habits and listen to your conversations. As a study by LGS Innovations points out, even when IoT devices encrypt their communications, hackers can monitor IoT network activity in your home to remotely figure out your daily habits, including the times you’re not at home (you know what happens after that).

And that does not account for individual devices being hacked. When I asked Dr. Paul Judge, co-founder of tech-startup Luma, about smart home security, he wrote, “IoT devices tend to hold your most personal information – like camera footage of your home, your health information, location and family info. If you do not address security for IoT devices, then every new device that you bring home has the potential to steal your identity and invade your privacy.”

IoT devices can enable intruders to access more sensible devices

IoT devices might not contain critical information per se, but they can allow hackers to access more critical information that can be found in your network.

Most devices are immune against intruders from outside your network, but they’ll likely trust a device that is in your local network. For instance a web server in your home network might not accept connections from outside, but will trust HTTP requests coming from within the home network.

As Majapuro told me, “Most hackers are not after your connected coffee maker. They are after your personal information, e.g. your banking information. Hackers might use your connected coffee maker as an entry point into your home network. Once in, they can try to get to you laptop and tablets and that way gain access to personal information e.g. banking and credit card information.”

Cybercriminals use vulnerable IoT devices to assemble their botnet armies

This might not directly affect your life, but it is a serious issue nonetheless. In case you didn’t know, one of the most famous types of cyber-attacks are Distributed Denial or Service (DDoS) attacks, in which hackers hijack a large number of devices called botnets, and use them to send countless requests to target servers in order to overload them and bring them down.

In days of yore (I mean ten years ago, maybe), such a feat could only be accomplished by compromising personal computers, which was a challenging task given that most users tend to install some sort of anti-virus or malware protection software on their PCs. But with a host of vulnerable IoT devices at their disposal (which have no means to protect themselves), hackers no longer need to go after desktop workstations and laptops.

Without knowing it, your smart fridge or connected light bulb can become a slave (or a willing member) of a dark botnet army, doing the bidding of some evil hacker who wants to ransom an unfortunate victim.

Conclusion

Ok, the threats involved in the IoT industry are freakishly scary, but the goal of this post wasn’t to convince you to change your mind and stick to the same dumb, decades-old appliances you owned before, you’re wrong. In fact, as the , I’m always on the lookout for new gadgets and cutting edge technology, and I have quite a few smart things at home and I see great potential in the future of IoT. And the tech community is already taking great strides to make sure more secure and are used for the purposes they were made. F-Secure in particular will soon be shipping the SENSE box, which will be addressing the very issues raised in this post.

The point is, you need to assess the risks, identify the weaknesses, and plug the holes that cybercriminals might use to turn your dream home into a nightmare. I will be addressing IoT security in future posts and offer guidelines and advice for improvements. In the meantime, if you have any questions, suggestions or innovative ideas on IoT security, please leave a note below, or contact me.

[…] realized without the security and privacy controls to go with it. There are many reasons for you to worry about your smart-home’s security, because insecure IoT device will effectively enable malicious hackers to remotely monitor your […]

[…] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

[…] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

[…] But while IoT gadgets have the power to make our homes smarter, they also have the potential to make them less safe by introducing new attack vectors for hackers to target us and make our lives a living […]

[…] so many vulnerable IoT gadgets at large, there are many reasons for you to worry about your smart-home’s security. And with IoT devices multiplying at a chaotic pace, you’ll soon be hard-pressed to control and […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] utility and opportunities provided by the Internet of Things (IoT) have been shadowed by grievous security and privacy tradeoffs, which have become a focal point of attention for the tech industry in the recent […]

[…] issues is not, because it is spilling tons of private data online, is threatening to open up security holes in places never imagined previously, and can even compromise the health and threaten the lives of consumers in some cases. All of these […]

[…] and unprecedented opportunities offered by the Internet of things (technology operations) through serious security and privacy tradeoffs , which became the focal point of attention to the technology industry in recent months. […]

[…] Of special concern are smart homes, which are lacking the IT security infrastructure that organizations and tech firms are equipped with, house some of the most vulnerable devices, and can become attractive targets for malicious actors. […]

TechTalks Newsletter

ABOUT US

At TechTalks, we examine trends in technology, how they affect the way we live and do business, and the problems they solve. But we also discuss the evil side of technology, the darker implications of new tech and what we need to look out for.
The idea is to be able to make the most out of the benefits provided by new tech trends and to minimize the trade-offs and costs.